GDPR/ General Data Protection

General Data Protection

Regulation (GDPR)
On 25 May 2018, the most significant piece of European data protection legislation to be introduced in 20 years will come into force. The EU General Data Protection Regulation (GDPR) replaces the 1995 EU DataProtection Directive.
The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.
You can count on the fact that Vuble is committed to GDPR compliance across Vuble services. We
are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and contracts over the years.

Duration of these TermsThese Terms will take effect on the Terms Effective Date and, notwithstanding expiry of the Term, will remain in effect until, and automatically expire upon, deletion of all Customer Data by Vuble as described in these Terms.

Scope of Data Protection Legislation
1 Application of European Legislation. The parties acknowledge and agree that the European Data Protection Legislation will apply to the processing of Customer Personal Data if, for example:
a. the processing is carried out in the context of the activities of an establishment of Customer in the territory of the EEA; and/or
b. the Customer Personal Data is personal data relating to data subjects who are in the EEA and the processing relates to the offering to them of goods or services in the EEA or the monitoring of their behaviour in the EEA.
2 Application of Non-European Legislation. The parties acknowledge and agree that Non-European Data Protection Legislation may also apply to the processing of Customer Personal Data.
3 Application of Terms. Except to the extent these Terms state otherwise, these Terms will apply irrespective of whether the European Data Protection Legislation or Non-European Data Protection Legislation applies to the processing of Customer Personal Data.

Processing of Data
1 Roles and Regulatory Compliance; Authorization.
1.1 Processor and Controller Responsibilities. If the European Data Protection Legislation applies to the processing of Customer Personal Data, the parties acknowledge and agree that:
a. the subject matter and details of the processing are described in Appendix 1;
b. Vuble is a processor of that Customer Personal Data under the European Data Protection Legislation;
c. Customer is a controller or processor, as applicable, of that Customer Personal Data under European Data Protection Legislation; and
d. each party will comply with the obligations applicable to it under the European Data Protection Legislation with respect to the processing of that Customer Personal Data.
1.2 Authorization by Third Party Controller. If the European Data Protection Legislation applies to the processing of Customer Personal Data and Customer is a processor, Customer warrants to Vuble that Customer’s instructions and actions with respect to that Customer Personal Data, including its appointment of Vuble as another processor, have been authorized by the relevant controller.
1.3 Responsibilities under Non-European Legislation. If Non-European Data Protection Legislation applies to either party’s processing of Customer Personal Data, the parties acknowledge and agree that the relevant party will comply with any obligations applicable to it under that legislation with respect to the processing of that Customer Personal Data.
2 Scope of Processing.
2.1 Customer’s Instructions. By entering into these Terms, Customer instructs Vuble to process Customer Personal Data only in accordance with applicable law: (a) to provide the Services; (b) as further specified via Customer’s use of the Services (including the Admin Console and other functionality of the Services); (c) as documented in the form of the Agreement, including these Terms; and (d) as further documented in any other written instructions given by Customer and acknowledged by Vuble as constituting instructions for purposes of these Terms.
2.2 Vuble’s Compliance with Instructions. Vuble will comply with the instructions described in Section 2.1 (Customer’s Instructions) (including with regard to data transfers) unless EU or EU Member State law to which Vuble is subject requires other processing of Customer Personal Data by Vuble, in which case Vuble will inform Customer (unless that law prohibits Vuble from doing so on important grounds of public interest) via the Notification Email Address.
Data Deletion
1 Deletion by Customer. Vuble will enable Customer to delete Customer Data during the Term in a manner consistent with the functionality of the Services. If Customer uses the Services to delete any Customer Data during the Term and that Customer Data cannot be recovered by Customer, this use will constitute an instruction to Vuble to delete the relevant Customer Data from Vuble’s systems in accordance with applicable law. Vuble will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days, unless EU or EU Member State law requires storage.
2 Deletion on Termination. On expiry of the Term, Customer instructs Vuble to delete all Customer Data (including existing copies) from Vuble’s systems in accordance with applicable law. Vuble will, after a recovery period of up to 30 days following such expiry, comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days, unless EU or EU Member State law requires storage. Without prejudice to Section 9.1 (Access; Rectification; Restricted Processing; Portability), Customer acknowledges and agrees that Customer will be responsible for exporting, before the Term expires, any Customer Data it wishes to retain afterwards.